Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

June 13 2014


A comment on the "hacker attack" on beppegrillo.it

Since some American friends are asking, I thought I'd share a few comments on the purported hack attack on a political movement here in Italy (source in English).
First, a brief reconstruction of the events (and note I'm trying to stay clear of political nuances, which is costing me some effort). In a few days, the Italian parliament is set to vote for the elections of our next President. Italy is a parliamentary democracy, and the President is elected jointly by the houses of parliament and other representatives of the Regions. Since it's a 7-year mandate, this is a particularly important moment in the Italian system.
The political movement in question, Movimento 5 Stelle, launched a poll (not a vote, technically, as the vote takes place only as I mentioned before) among its members (and not an open poll) to indicate "names" of personalities they should propose as next president. This is important, as it deflates the practical value of attacking such a system for any external threats (except politically motivated ones, for demonstration purposes). The names coming out of this poll would just be an "indication", for the MPs of the movement, on how to vote during the actual elections. An indication because, of course, at some point they might have a choice between an agreement other candidates or irrelevance (since there's a qualified majority needed to elect the President).
Now, the facts we know are that: 1) the movement leader decided to stop the poll and start it over, due to a purported "hacker attack" which was "detected" and "solved". 2) the event was discovered by DNV (a certification entity, hired to ensure that the election process was not flawed). The certification body states an anomaly was discovered, namely that there were more votes than registered voters. 3) DNV is not in the business of information security, but of compliance. They discovered the event by analyzing the process and the data, and discovering implausible values. 4) Contrarily to what immediately said in 1), the successive versions of the story talk of a "sophisticated intruder" that "hid their traces" and of a non-identified first moment of access 5) The software is realized in house, is not open source, and the servers which host it are owned and managed by the PR agency which supports the leader of the movement (which is also, we believe, the author of the software, or has contracted the author). 6) A facebook group claimed the "attack" was just a matter of organized trolling, i.e. that they basically accessed the voting system without control due to a flaw in the process and in restricting access.
What is my personal opinion on this, founded on my experience?
I honestly don't know whether or not a willing attacker was behind this event (I take exception, in general, to calling that attacker "hacker", but this is another story). However, since the practical value of a hidden attack against such a system is close to zero (given that this is a poll completely under the control of the movement leadership, which can call it off at any time or mangle the results as they see fit), the only reasonable course for a politically motivated attacker would be to make the system fail visibly (say, a defacement). Since nothing like this happened, my opinion is that an attack from an external entity is very unlikely.
But regardless of this, my opinion is that, most likely, what happened was the result of badly designed and written software, realized by less-than-competent people. Open source software for polling is available, tried and true, and could have been used. Honestly, this is not rocket-science, either. Also, the process of registration for voting should be scrutinized as it is probably part of the issue.
Finally, my opinion is that a poll managed and run by a PR agency working for the leader of a movement, on closed systems and with a software that has been specifically developed for this, has very little to do with any form of voting. The sheer fact that they needed to hire a certification body (DNV) to give some proof that the process was not flawed (resulting in the boomerang of having to admit it was) is a demonstration of a basic flaw.
The movement under discussion hosts a number of technically savy people who could easily form a committee to manage and run a neutral technology platform for this kind of polling, or for internal debate. The fact that this does not happen, alone, casts serious doubts on anything that is done "online" with a closed platform.
The core issue here, and I'm really trying hard to stay clear of any political comment, is that this movement is trying to confuse online polling with real e-voting, and a blog with its comment with e-democracy. E-voting and the transformation of democracy in a more evolved form through the adequate use of technology is difficult, it cannot be realized in-house with closed processes by a bunch of incompetent folks who cannot even realize a functional polling system. 
E-voting, or e-democracy, entails deeply complex research issues such as voter/citizen identification, guarantee of vote secrecy, guarantee of anonymity coupled with ensuring authentication, crowdsourcing of the management of online discussions, possibility of open scrutiny of the process by voters and third parties... This is difficult, friends, more difficult than you can possibly believe. There's only a few handfuls of experts around the world who know how to do this, and surely they don't work for a marginal PR company in Italy.
The obvious snake oil sign here is the classical statement "Well, no system can be 100% secure". That's obviously true. But some system can be immediately identified as incredibly stupid, or at very least terribly boorish.
Reposted fromraistlin raistlin

February 10 2011

Without any comments.
Reposted fromraistlin raistlin

January 27 2011


January 04 2011

Reposted fromraistlin raistlin

October 09 2010

The beauty of the Internet is that it connects people. The value is in the other people. If we start to believe that the Internet itself is an entity that has something to say, we're devaluing those people and making ourselves into idiots.
Edge; DIGITAL MAOISM: The Hazards of the New Online Collectivism By Jaron Lanier
Reposted fromraistlin raistlin

June 17 2010

May 31 2010

May 26 2010

May 21 2010

May 20 2010

May 16 2010

May 11 2010

May 10 2010


Identificato il gene coinvolto nella sclerosi multipla

E' da mesi che qui al CRS4 si sa di questa scoperta che il team del Prof Cucca ha fatto, ma sono stati mesi di "silenzio" e di embargo per essere certi di avere dati inconfutabili a sostegno.

Blog di Gigi Tagliapietra: Identificato il gene coinvolto nella sclerosi multipla
Reposted fromdarth darth

May 05 2010

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!